They'll go through your garbage or represent legitimate companies in an effort to get you to reveal personal information. They will trick you by phishing or pretexting, wherein they pretend to be with an institution you trust and ask you for information you would be comfortable giving that store or company.

Armed with your personal information, thieves can drain your bank account, run up charges on your credit cards, open new accounts and get medical treatment on your health insurance.

These actions could damage your credit. And a committed identity thief could even file a tax return in your name and get your refund.

Here are three ways to stop them.

Place a security freeze on your credit report.

Most banks now have a trip-line on your account that automatically red-flags any strange purchases. This flag can be annoying when they call you after decide to splurge and buy a very expensive pair of shoes at Saks Fifth Avenue, for example. But you should just confirm your purchase and be thankful for the safety net.

After all, your credit report has no such automatic trip-line that will send red flags.

But you can ask for something similar to be placed on your credit report by freezing it.

By asking each credit reporting agency — Equifax, Experian, Trans Union — separately for a "security freeze," or a "credit freeze" you are instructing them not to add any accounts to your credit profile.

Your report will still be released to creditors and collectors. You can still open new accounts, have your credit vetted by land lords or buy insurance.

But if you're making changes to your profile or someone who isn't a creditor needs to take a peek, you'll need to lift the freeze temporarily — either for a set time or a specific party, like a landlord or employer.

The costs to free and lift your credit vary based on where you live, but commonly range from $5 to $10.

Guard against phishing.

Phishing is a common tactic used by thieves to get personal information over the computer.

An email will come in from what appears to be a legitimate source that seems familiar to you — like Netflix or Apple — asking you to follow a link to change your password or put in your credit card information. The altered link take you to a fake site designed to collect your personal information.

Perversely the message will often play on your fear of identity theft by saying something like, "We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."

Boom. You've been taken.

To guard against phishing, delete emails or text messages that prompt you to confirm or supply personal information including but not limited to your credit card or bank account numbers, social security numbers, passwords.

If you are concerned or confused, just call the number, or use the email address for the company or retailer that came on a bill — or that you found on their official website: Don't call any numbers or click any links in the email itself.

Switch to encrypted email.

If you don't want prying eyes, or companies or governments, snooping on your email — and all the data that goes through it — switch to an encrypted email service like Proton Mail, Tutanota, Lockbin, Sendinc or others.

These free email services offer encryption of messages from end to end and security of content that popular services like Google, Yahoo or Outlook cannot compete with (yet).

Encrypted emails are touted as the only email services even the National Security Administration can't access.

Interest in these email services gained traction after Andy Yen, the co-founder of Proton Mail, gave a wildly popular TED Talk posted last year about the need for privacy and security online.

In his talk he says that currently sending an email is like sending a postcard — anyone can read it. The technology to protect the communication has existed, it has just been difficult to use. He says his company, and others like it, have simpler default settings to send protected emails.

Of course, end-to-end encryption won't do you much good if someone gets access to your password and logs in to that service, pretending to be you.